User Guide
Contents
1. ESET SysRescue Live
2. Creating ESET SysRescue Live media
2.1 Creating an ESET SysRescue Live USB using a CD/DVD
3. Starting ESET SysRescue Live
4. Using ESET SysRescue Live
4.1 On-demand scan
4.1.1 ThreatSense Engine Setup
4.2 Update
4.3 What is a potentially unwanted application?
4.4 Tools
4.4.1 Log files
4.4.2 Protection statistics
4.4.3 Quarantine
4.4.4 Submit file for analysis
4.5 Preferences
4.6 Program menu
5. How to exit ESET SysRescue Live
6. Erasing ESET SysRescue Live media
7. Bomgar and TeamViewer
8. About Desktop environment
8.1 Network
9. Troubleshooting
3. Select the type of media you want to create and confirm the operation.
Figure 2 ESET Live USB Creator
4. Wait until ESET SysRescue Live is installed on the portable device you selected in the previous step.
Figure 3 Creating ESET SysRescue Live
5. The message "ESET SysRescue has been successfully created." will be displayed when ESET SysRescue Live
installation is complete.
If you want to create another rescue disc at a later time, we recommend that you use Save ISO file. During rescue disc creation,
select the check box next to Use previously downloaded ISO image to access your saved ISO file.
Figure 4 ESET SysRescue Live has been created
6. When your ESET SysRescue Live media is ready, remove it from your computer and store it in a safe place. You can now use
ESET SysRescue Live on an infected machine.
After confirming your acceptance of the License Agreement, the main program window will be displayed.
Figure 7 ESET SysRescue and Desktop after starting up
Note: Both scanning options are configured to scan the /media folder, which includes mounted discs.
When performing a Custom scan, you can select one of the default scan profiles or click Setup... to modify scanning parameters
or select specific scan targets. Select Scan without cleaning if you do not want to perform cleaning actions against any threats
discovered by the scan.
4.1.1 ThreatSense Engine Setup
The ThreatSense engine setup options allow you to specify several scan parameters:
File types and extensions that are to be scanned
The combination of detection methods used
Levels of cleaning, etc.
The Objects section allows you to define which computer files will be scanned for infiltrations:
Files - provides scanning of all common file types (programs, pictures, audio, video files, database files, etc.).
Symbolic links (On-demand scanner only) - scans a special type of file that contains a text string that is interpreted and followed
by the operating system as a path to another file or directory.
Email files (not available in Real-time protection) - scans special files where email messages are contained.
Mailboxes (not available in Real-time protection) - scans user mailboxes in the system. Incorrect use of this option may result
in a conflict with your email client.
Archives (not available in Real-time protection) - provides scanning of files compressed in archives (.rar, .zip, .arj, .tar, etc.).
Self-extracting archives (not available in Real-time protection) - scans files that are contained in self-extracting archive files.
Runtime packers - unlike standard archive types, runtime packers decompress in memory, in addition to standard static
packers (UPX, yoda, ASPack, FGS, etc.).
Boot sectors - scans boot sectors for the presence of viruses in the master boot record.
In the Options section, you can select the methods used during a scan of the system for infiltrations:
Heuristics - Heuristics use an algorithm that analyzes the (malicious) activity of programs. The main advantage of heuristic
detection is the ability to detect new malicious software that did not previously exist, or was not included in the list of known
viruses (virus signatures database).
Advanced heuristics - Advanced heuristics utilize a unique heuristic algorithm, developed by ESET, optimized for detecting
computer worms and trojan horses written in high-level programming languages. The program's detection ability is
significantly higher as a result of advanced heuristics.
Potentially unwanted applications - These applications are not necessarily intended to be malicious, but may affect the
performance of your computer in a negative way. Such applications usually require consent for installation. If they are present
on your computer, your system behaves differently (compared to the way it behaved before these applications were installed).
The most significant changes include unwanted pop-up windows, activation and running of hidden processes, increased usage
of system resources, changes in search results, and applications communicating with remote servers.
Potentially unsafe applications - This term refers to commercial, legitimate software that can be abused by attackers if
it was installed without the user's knowledge. The classification includes programs such as remote access tools, which is why this
option is disabled by default.
The Cleaning settings determine the manner in which the scanner cleans infected files. There are 3 levels of cleaning:
No cleaning - Infected files are not cleaned automatically. The program will display a warning window and allow you to
choose an action.
Standard cleaning - The program will attempt to automatically clean or delete an infected file. If it is not possible to select the
correct action automatically, the program will offer a choice of follow-up actions. The choice of follow-up actions will also be
displayed if a predefined action could not be completed.
Strict cleaning - The program will clean or delete all infected files (including archives). The only exceptions are system files. If
it is not possible to clean them, you will be offered an action to take in a warning window.
Figure 10 ThreatSense engine parameters setup
The Extensions settings allow you to define the types of files to be excluded from scanning. An extension is the part of the file
name delimited by a period that defines the type and content of the file.
By default, all files are scanned regardless of their extension. Any extension can be added to the list of files excluded from
scanning. Using the Add and Remove buttons, you can enable or prohibit scanning of desired extensions.
Excluding files from scanning is sometimes necessary if scanning of certain file types prevents the proper function of a program
that is using the extensions. For example, it may be advisable to exclude the .log, .cfg and .tmp extensions.
The Limits section allows you to specify the maximum size of objects and levels of nested archives to be scanned.
Maximum Size - Defines the maximum size of objects to be scanned. The antivirus module will scan only objects smaller than
the size specified. We do not recommend changing the default value, as there is usually no reason to modify it. This option
should only be changed by advanced users who have specific reasons for excluding larger objects from scanning.
Maximum Scan Time - Defines the maximum time allotted for scanning an object. If a user-defined value has been entered here,
the antivirus module will stop scanning an object when that time has elapsed, whether or not the scan has finished.
Maximum Nesting Level - Specifies the maximum depth of archive scanning. We do not recommend changing the default value
of 10; under normal circumstances, there should be no reason to modify it. If scanning is prematurely terminated due to the
number of nested archives, the archive will remain unchecked.
Maximum File Size - This option allows you to specify the maximum file size for files contained in archives (when they are
extracted) that are to be scanned. If scanning is prematurely terminated because of this limit, the archive will remain
unchecked.
If you want to disable scanning of folders controlled by the system (/proc and /sys), select the Exclude system control folders from
scanning option (this option is not available for startup scan).
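The nesting and size limits above decide which archive contents are ever inspected. The following added example (not ESET code and not part of the original guide) walks a constructed nested zip and reports what each limit leaves unchecked; the function names, the 1 MiB size limit and counting the outermost archive as level 1 are assumptions.

```python
import io
import zipfile

MAX_NESTING_LEVEL = 10        # default value named in the guide
MAX_FILE_SIZE = 1024 * 1024   # assumed for this example; the guide states no default


def build_nested_zip(depth, payload=b"constructed sample payload"):
    """Constructed test input: payload wrapped in `depth` layers of zip."""
    data, name = payload, "payload.bin"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{level}.zip"
    return data


def walk_archive(data, path="root.zip", level=1, report=None):
    """Record which members were reached and which parts stay unchecked."""
    if report is None:
        report = {"scanned": [], "unchecked": []}
    if level > MAX_NESTING_LEVEL:
        # Too deep: stop here, everything below this point is never inspected.
        report["unchecked"].append((path, "nesting level exceeded"))
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            # Compare the declared extracted size before reading the member.
            if info.file_size > MAX_FILE_SIZE:
                report["unchecked"].append((member, "extracted size over limit"))
                continue
            content = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(content)):
                walk_archive(content, member, level + 1, report)
            else:
                # A real scanner would inspect `content` at this point.
                report["scanned"].append(member)
    return report


if __name__ == "__main__":
    for depth in (10, 12):
        result = walk_archive(build_nested_zip(depth))
        print(depth, "layers ->", len(result["scanned"]), "scanned,",
              result["unchecked"])
```

An entry in the unchecked list means a clean scan result says nothing about that content, so such archives are worth handling separately.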
Use the Others tab to define other parameters of the ThreatSense Engine.
Enable Smart optimization - The most optimal settings are used to ensure the most efficient scanning level, while
simultaneously maintaining the highest scanning speeds. The various protection modules scan intelligently, making use of
different scanning methods while applying them to specific file types. Smart Optimization is not rigidly defined within the
product. The ESET Development Team is continuously implementing new changes, which then get integrated into ESET SysRescue
via regular updates. If Smart Optimization is disabled, only the user-defined settings in the ThreatSense core of the particular
module are applied when performing a scan.
Scan alternative data streams - Alternate data streams used by the file system are file and folder associations that are
invisible to ordinary scanning techniques. Many infiltrations try to avoid detection by disguising themselves as alternative
data streams.
Preserve last access timestamp - Select this option to keep the original access time of scanned files instead of updating it (for
example, for use with data backup systems).
4.2 Update
The ability to update the virus signature database is an essential feature of ESET SysRescue. We recommend that you update the
program prior to starting a Computer scan.
By clicking Update from the main menu, you can view the current update status, including the date and time of the last successful
update, as well as whether an update is needed. To begin the update process manually, click Update virus signature database.
If an update fails, check the internet connection in the Network Connection settings located in the Preferences menu at the
bottom left of the screen.
Under normal circumstances, when updates are downloaded properly, the message "Virus signature database is up to date" will
appear in the Update window.
The Update window also contains information about the virus signature database version. This numeric indicator is an active
link to the ESET website, where all signatures added during a given update are listed.
Figure 11 Update screen
Note: Since ESET SysRescue is a free tool, a username and password are not required for automatic updates of the virus
signature database. However, if you wish to use a different update server, you can set server details in Preferences (F5) > Updates
by clicking Edit.
4.4 Tools
4.4.1 Log files
The Log files contain information about all important program events that have occurred, and provide an overview of detected
threats. Logging is an essential tool in system analysis, threat detection and troubleshooting. Logging is performed actively in the
background with no user interaction.
If advanced mode is active, logs are accessible from the ESET SysRescue main menu by clicking Tools > Log files. Select the desired
log type using the Log drop-down menu at the top of the window. The following logs are available:
Detected threats - Use this option to view all information about events related to the detection of infiltrations.
Events - This option is designed for system administrators and users to solve problems. All important actions performed by
ESET SysRescue are recorded in the Event logs.
On-demand scan - Results of all completed scans are displayed in this window. Double-click any entry to view details of the
respective On-demand scan.
4.4.2 Protection statistics
To view a graph of statistical data related to ESET SysRescue's protection modules, click Tools > Protection statistics. The Antivirus
and Antispyware Protection Statistics Graph displays the number of infected and cleaned objects. Below the statistics graphs, you
can see the number of total scanned objects, latest scanned object and the statistics timestamp. Click Reset to clear all statistics
information.
4.4.3 Quarantine
The main task of the quarantine is to safely store infected files. Files should be quarantined if they cannot be cleaned, if it is not
safe or advisable to delete them, or if they are being falsely detected by ESET SysRescue.
You can choose to quarantine any file. This is advisable if a file behaves suspiciously but is not detected by the antivirus
scanner. Quarantined files can be submitted to the ESET Threat Lab for analysis.
To restore a quarantined file to its original location, select it and click Restore. You can also restore any file listed in the
quarantine by right-clicking it and selecting Restore from the context menu. The context menu also offers the option Restore to,
which allows you to restore a file to a location other than the one from which it was deleted.
4.4.4 Submit file for analysis
The file submission dialog enables you to send a file or a site to ESET for analysis and can be found under Tools > Submit sample
for analysis. If you find a suspicious file on your computer or a suspicious site on the Internet, you can submit it to the ESET Virus
Lab for analysis. If the file turns out to be a malicious application or website, its detection will be added to an upcoming update.
Alternatively, you can submit the file by email. If you prefer this option, pack the file(s) using RAR/ZIP, protect the archive with the
password "infected" and send it to samples@eset.com. Please remember to use a descriptive subject and enclose as much
information about the file as possible (for example, the website you downloaded it from).
NOTE: Before submitting a file to ESET, make sure it meets one or more of the following criteria:
the file is not detected at all
the file is incorrectly detected as a threat
You will not receive a response unless further information is required for analysis.
4.5 Preferences
To access preferences for ESET SysRescue, click the main menu in the top right corner of the main window and select Preferences... or
press F5.
Figure 12 ESET SysRescue preferences
Warning: Local filesystem partitions are mounted as read-write by default. We recommend that you do not perform a force
reboot or shutdown to avoid possible data loss.
ESET SysRescue Live Live USB Cleaner icon (available on your Desktop) and follow the instructions in the
Note: This method of cleaning is only possible if you are running ESET SysRescue Live from a CD/DVD.
2. Cleaning ESET SysRescue Live using ESET Live USB Creator
1. Download and run ESET Live USB Creator on a Windows platform.
2. Click Format existing ESET SysRescue Live USB.
3. Select your ESET SysRescue Live media and confirm the Erase USB drive operation.
Figure 15 Location of the formatting option
Note: Cleaning is only available when ESET SysRescue Live data is stored on a USB flash drive. This prevents destruction of data
on other USB flash drives. If you are working in Windows, you will only be able to format the first partition (disk), because the
Linux version of ESET SysRescue Live creates three Linux-specific partitions.
Figure 16 TeamViewer
Note: In the ESET SysRescue Live environment, applications may take longer to load, particularly if you are running them from a
CD/DVD.
8.1 Network
If you are connected to the Internet, you will most likely obtain the IP address automatically from a DHCP server.
Use the Network Connections tool to modify network properties:
1.
2.
3.
4.
5.
6.
A working Internet connection is required for ESET SysRescue Live to receive virus signature database updates.
If a proxy server is used to control the Internet connection of a system where ESET SysRescue Live is installed, you must specify
proxy server details. To do so, press F5 to open the Preferences window and select Proxy server in the Miscellaneous section.
Figure 19 ESET SysRescue Proxy Server configuration
9. Troubleshooting
The following instructions may help you to resolve common ESET SysRescue Live issues.
I cannot run ESET SysRescue Live from my removable media
For ESET SysRescue Live to function properly, your computer must allow booting from removable media. You can modify boot
priority settings in the BIOS, which is usually accessed by pressing one of the function keys (F8-F12) or the ESC key during startup
depending on the BIOS type. Typically, instructions for accessing the BIOS will be displayed on-screen during startup.
Unable to perform a virus signature database update
If an update fails, check the internet connection in the Network Connection settings located in the Preferences menu at the
bottom left of the screen.
I do not know my username or password
Since ESET SysRescue is a free tool, a username and password are not required for automatic updates of the virus signature
database.
ESET SysRescue window does not start after booting up
The ESET SysRescue window should start automatically under normal circumstances. If not, try to run the ESET SysRescue GUI
manually using LXTerminal.
1. Click the system menu in the bottom left corner.
2. Navigate to Accessories and select LXTerminal.
3. Run the following commands in the console:
killall esets_gui
/opt/eset/esets/bin/esets_gui
ESET Support on your Desktop, or visit our Knowledgebase if you still cannot resolve your issue.